Data volume encryption is known for storage devices, for example full-disk encryption techniques such as Microsoft's BitLocker®. Such techniques encrypt a data volume, such as a data storage device or a partition of a data storage device, under a cryptographic key. For increased security, the key can be protected by physical means, such as by storing it on a portable medium such as a universal serial bus (USB) key, or by reliance on a trusted hardware component such as a Trusted Platform Module (TPM), implemented at least partly in hardware or firmware, for example as a dedicated chip or part of a chip. In such arrangements the security of data volume encryption therefore depends on the security of the key and of its storage.
Computing environments are increasingly virtualized such that computing systems, operating systems and associated resources including hardware, networking, software and associated services are provided in a virtual manner. For example, systems including operating systems, storage devices, virtual devices and drivers, applications and the like can be deployed for execution in virtual machine environments. Typically, such virtualized systems are packaged as one or more memory or storage images of installed system software, such as an operating system and kernel, together with a specification or image of other required resources such as virtualized data volumes. A virtualized data volume is a virtual storage device mapped to one or more other virtual and/or physical storage devices such that, ultimately, data is stored in a physical manner that may be abstracted from a user or virtualized system, but that is presented to the user or system by way of an interface so as to appear as a physical storage volume such as a disk. Such virtualized environments run on virtual machine environments such as hypervisors, including the VMware suite of hypervisor software.
Various challenges exist when seeking to extend encryption techniques for data volumes to virtualized data volumes. Firstly, the very nature of a virtualized data volume is such that the volume may be instantiated any number of times within virtual machines in virtualized computing environments. Since the precise nature of the virtualized environment is abstracted from the virtualized data volume, the hardware basis for the virtualized environment is unknown (and is largely emulated, simulated or otherwise virtualized by, for example, a hypervisor or the like). Accordingly, encryption mechanisms rooted in particular hardware cannot be relied upon in the same way: the hardware presented to the virtual machine is itself virtualized, the physical hardware executing a virtual environment may be shared by many virtualized environments, and virtual machines may migrate between hardware platforms. Secondly, data volumes encrypted under a cryptographic key are susceptible to brute-force attack or to disclosure of the key while the environment is running. For example, the BitLocker® approach to full-disk encryption has been shown to be susceptible to a “cold boot attack”, in which decryption keys held in memory at runtime, including keys unsealed by or derived from a hardware TPM, can be recovered from dynamic random-access memory (DRAM) modules, because DRAM retains its contents for seconds to minutes after power is removed (longer still if the modules are cooled). Because a block cipher such as AES keeps its expanded key schedule in memory, the key can be located in a memory image by searching for that structure without knowing its address. Thus it is possible to access an encrypted data volume using such discovered keys.
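To make the cold boot exposure concrete, the following is an added example (not part of the patent text, and not BitLocker's or any vendor's code) of how a key is located in a memory image: an AES-128 key schedule occupies 176 consecutive bytes whose words satisfy the FIPS-197 key-expansion relation, so scanning a dump for that relation finds the key without knowing where it was stored. The memory image, its key offset (1000) and the three decayed bytes are constructed here for illustration; the key is the FIPS-197 Appendix A.1 test key. The scan tolerates some bit decay in the later round keys, as a real dump taken after power loss would show, and an exact-match scan is run alongside to show why that tolerance matters.

```python
"""Added example: locate AES-128 key schedules in a memory image, as a
cold-boot attack does. Pure Python; the image, key offset and decayed
bytes below are constructed for illustration."""
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _build_sbox() -> list:
    """AES S-box: multiplicative inverse followed by the affine transform."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def expand_key_128(key: bytes) -> bytes:
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                 # RotWord
            t = [SBOX[b] for b in t]          # SubWord
            t[0] ^= RCON[i // 4 - 1]          # Rcon
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return bytes(b for word in w for b in word)


def find_aes128_keys(image: bytes, min_match: float = 0.9) -> list:
    """Return (offset, key, match_fraction) for every 176-byte window that
    looks like an AES-128 key schedule. min_match < 1.0 tolerates bytes
    corrupted by DRAM decay in the later round keys."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        # Cheap filter on one word: w[4] == w[0] ^ SubWord(RotWord(w[3])) ^ Rcon[1].
        t = [SBOX[cand[13]] ^ RCON[0], SBOX[cand[14]], SBOX[cand[15]], SBOX[cand[12]]]
        w4 = bytes(cand[j] ^ t[j] for j in range(4))
        if image[off + 16:off + 20] != w4:
            continue
        # Full check: compare the whole expanded schedule with what is in memory.
        sched = expand_key_128(cand)
        window = image[off:off + 176]
        matched = sum(1 for a, b in zip(sched, window) if a == b)
        frac = matched / 176
        if frac >= min_match:
            hits.append((off, bytes(cand), frac))
    return hits


def build_sample_image(seed: int = 1234):
    """Constructed 4 KiB 'memory dump': random filler with one AES-128 key
    schedule at offset 1000, three bytes of which are flipped to mimic decay."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(4096))
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 A.1 key
    sched = bytearray(expand_key_128(key))
    for pos in (85, 121, 160):          # decay in round keys 5, 7 and 10
        sched[pos] ^= 0x40
    image[1000:1000 + 176] = sched
    return bytes(image), key


if __name__ == "__main__":
    image, key = build_sample_image()
    for off, found, frac in find_aes128_keys(image):
        print(f"key schedule at offset {off}: key={found.hex()} match={frac:.3f}")
    # An exact-match scan misses the decayed schedule entirely:
    print("exact-match hits:", find_aes128_keys(image, min_match=1.0))
```

The one-word filter is what keeps the scan cheap: only windows whose fifth word is consistent with the first four are fully expanded, so on a real multi-gigabyte dump the cost is a handful of S-box lookups per offset. The same idea extends to AES-256 (a 240-byte schedule) and, with a different invariant, to other ciphers; the point for the passage above is that the key need not be at any known address to be found.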
It would therefore be advantageous to provide data volume encryption for virtualized data volumes while overcoming these disadvantages of known secure data storage techniques.